VMware finally fixed the critical CVE-2020-3992 flaw in ESXi

VMware has released new patches for ESXi after learning that a fix released in October for the critical CVE-2020-3992 flaw was incomplete.

The virtualization giant VMware has released new fixes for ESXi after learning that a patch released in October for the critical CVE-2020-3992 flaw was incomplete.

The CVE-2020-3992 vulnerability is a use-after-free bug issue that affects the OpenSLP service in ESXi, it could be exploited by a remote, unauthenticated attacker to execute arbitrary code in the context of the SLP daemon.

The flaw exists is caused by the lack of validating the existence of an object prior to performing operations on it.

VMware pointed out that in order to exploit the flaw, the attacker needs to be on the management network and have access to port 427 on an ESXi machine.

“OpenSLP as used in ESXi has a use-after-free issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.” reads the advisory published by the company. “A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.”

The vulnerability was reported to vendor on July 22, 2020 by Lucas Leong of Trend Micro’s Zero Day Initiative (ZDI).

VMware learned about the security hole in July from Lucas Leong of Trend Micro’s Zero Day Initiative (ZDI). On October 20, 2020, an advisory was publicly released.

The company initially failed to fix the vulnerability, it updated its initial advisory this week informing its customers that the patches had been incomplete.

Now the company has released security patches to address the flaw in ESXi 6.5, 6.7 and 7.0. The vulnerability has yet to be fixed in VMware Cloud Foundation.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ESXi)

[adrotate banner=”5″]

[adrotate banner=”13″]